1. Technical Field
The invention relates to security mechanisms for electronic transactions; specifically use of public key cryptography for authentication and electronic (digital) signatures, and determination of the quality level of such authentication and signature procedures.
2. Related Art
Authentication (proof of identity) is crucial to many applications and services in the electronic world. Today, this is mainly accomplished by username and password. A password is an inherently weak mechanism. Furthermore, passwords (same applies to other mechanisms based on shared secrets) should be different for different mechanisms requiring password authentication. The situation quickly becomes cumbersome, as a user today will commonly have in the range of 20 usernames and password for different services on the Internet. The number of usernames and passwords is expected to grow, as the number of services offered on the Internet increases.
Electronic IDs based on public key cryptography and certificates issued by a trusted Certificate Authority (CA) offer an alternative approach. A certificate binds a name to a public key. Since this information is open, the electronic ID may be used towards any counterpart, potentially replacing all usernames and passwords for the ID holder. Public key cryptography offers the added functionality of electronic signatures on documents (non-repudiation), and establishment of secure communication channels (confidentiality and integrity). An electronic ID will consist of 1-3 certificates and corresponding key pairs (public keys in certificates and private keys held by the owner of the electronic ID) depending on the need for different keys and certificates for different usage (signature, encryption, authentication). Note that an electronic ID in principle may be issued to any subject that can be given a name: persons (real name or pseudonym), organisations and organisational units, roles, computers, services, network addresses, and so on.
A Public Key Infrastructure (PKI) consists of one CA, or several CAs in a common system. A PKI may be anything from a simple system serving one organisation to a community service issuing the electronic parallel of official, physical ID cards.
Even when limiting the scope to the latter (public PKIs), there are several hundred PKIs world wide, with more to come with an increasing focus on electronic IDs and electronic signatures as enablers of electronic commerce. This poses problems to the entity that receives an electronic ID, the Relying Party (RP). The main problems are:                Semantic interpretation (syntax is usually not a problem) of certificate content as specified by different CAs, and in particular interpretation of subject names.        Safe management of the public keys of the CAs, used to verify the CAs' electronic signatures on certificates.        Revocation checking, i.e. verifying that the certificate is not on the issuing CA's list of certificates that are declared invalid before their normal expiry time.        Determination of the quality of the certificate—electronic IDs may have widely different quality characteristics.        
This invention focuses on the latter problem: determination of the quality level of a given certificate. Determination of the quality of a certificate that is about to be accepted is a part of the risk management procedures of the RP. The strength of the authentication procedure is an important parameter when deciding upon the access rights to grant to an authenticated counterpart. Username and password may be enough only for a minimal level of authorisations, given the risk that an attacker has spoofed the authentication. A weak electronic ID may be comparable to a password in strength, while a strong electronic ID may give full access to all services.
When the electronic ID is used to sign a document, which may be a valuable contract, the issue of whether or not the electronic ID has the necessary quality may be even more important.
Today, quality classification is almost entirely up to the RP. Several products offer the possibility of configuring the quality level of an authentication mechanism. As one example, Netegrity's SiteMinder product uses a scale from 1-100. However, the RP must itself determine which number an electronic ID (or other mechanism) shall take, and configure this in the authentication server. The classification, in SiteMinder as well as similar products, is just a number, not revealing more detailed information about the electronic ID.
With respect to more objective classification of electronic IDs, the most important term is “qualified certificate” as defined by the EU Directive on electronic signatures [5]. In the US, the “Federal Bridge” CA has defined some distinct levels that a CA may select when cross-certifying towards the Federal Bridge. ETSI's recommendation [4] for issuers of “non-qualified” certificates also makes an attempt at defining the main parameters that characterises the quality of a certificate. A “qualified certificate” can only be issued if the CA fulfils all the requirements stated in EU and national legislation. However, the term has little value outside the EU. Few CAs have today cross-certified with the Federal Bridge, and such cross-certification has little value outside of the US. ETSI's non-qualified recommendation is rarely used today.
Given the state-of-the-art, the invention provides a novel approach at relieving the RP from the burden of performing quality classification for individual CAs, at the same time facilitating the RP's risk management.